cancel
Showing results for 
Search instead for 
Did you mean: 
cancel

ACI Automation Part 1 - ACI with Postman Introduction

11248
Views
20
Helpful
6
Comments

 

I. Introduction

 

This article is a simple introduction on how to use automation in ACI.

 

In this article we’ll discuss on DN and Class name in ACI. As well as Postman, on how to login to ACI using Postman and creating a simple tenant.

 

II. Postman

 

1. What is Postman?

 

Postman is third party REST API tool. This can be used to create and retrieve object information in ACI. 

 

2. To download Postman

https://www.getpostman.com/

 

 

III. Distinguish Name and Managed Object

 

In ACI the components are represented in a management information tree (MIT). Each node in this MIT is a managed object (MO). MOs are identified by their unique distinguished name (DN). This DN provides the fully qualified path from the root of the object tree to the object itself.

 

DN is made up of a series of pieces known as relative names (RN).

 

dn = {rn}/{rn}/{rn}/{rn}…

 

The APIC REST API is a programmatic interface to the APIC. Here, you can use any programming language to generate REST calls, which contain JSON or XML formatted data to read and write objects in the APIC MIT.

 

IV. Logging to ACI with Postman

 

1. Define Your Variables

 

Click on Settings > Manage Environments

1.png

 

 

2.png

Click Add

 

Change the value of the apic, username and password accordingly.

 

2. Create Collections

 

On the top left hand side of your postman you can click either one of these button to create a new collections.

 

3.png

You can name it accordingly (e.g. Add Tenant) and click Create

 

3. Create New Request To Login To APIC

 

On the right hand side of the Postman, you can create a new request.

Inside the new request, you can fill in the following to login to APIC:

 

POST    https://{{apic}}/api/aaaLogin.json

 

Body

{ "aaaUser" : { "attributes": {"name":"{{username}}","pwd":"{{password}}" } } } 

 

As you see here, the {{apic}} {{username}} {{password}} here is your variable where you define in earlier step IV.1. It contains the value of whichever Fabric you’re currently in. The variable have to be inside the double curly braces {{ }}.  

 

Click Send.

 

4.png

Once Send, you can see the response at the bottom of the Postman that shows you the token generated.

 

Click Save, this is next to your send button. This is to Save the request to your Collection folder that you created earlier.

 

V. Creating Simple Tenant

 

1. Create New Request For Creating Tenant

 

Below example will create the new tenant with the name "tenant-1"

 

POST   https://{{apic}}/api/node/mo/uni/tn-tenant-1.json

 

Body

{"fvTenant":{"attributes":{"dn":"uni/tn-tenant-1","name":"tenant-1","rn":"tn-tenant-1","status":"created"},"children":[]}}

 

5.png

Click Send.

 

Make sure that this request is run after you logged in (Step 4). If this request is run without login, you'll find the authentication error.

 

Save the request to the collection folder.

 

2. Result

In your APIC ALL TENANTS, you'll find tenant-1 has been created.

6.png

 

 

Comments
Beginner

Thanks. How do I get around this?

{"totalCount":"1","imdata":[{"error":{"attributes":{"code":"403","text":"Token was invalid (Error: Token timeout)"}}}]}

This is right after I post for an APIC login and get a successful login (Status 200 OK)

 

Thank you!

Beginner

Hi

 

I have the same issue where it complains....

 

{
"totalCount": "1",
"imdata": [
{
"error": {
"attributes": {
"code": "403",
"text": "Need a valid webtoken cookie (named APIC-Cookie) or a signed request with signature in the cookie APIC-Request-Signature for all REST API requests"
}
}
}
]
}

 

Any ideas?

Enthusiast

I know the problem has something to do with not being logged in.

 

Can the login script be combined with the create tenant script?  How do you do that?

 

Beginner

Hello,

 

You need to login first so that you have a valid token for your subsequent requests. In the response of login script you would see token and refresh timeout (by default 600 seconds). If the session is established and remains idle for 600 seconds, then you may have to post the login script again.

 

<snip>

 <aaaLogin token="hUUaqAhmcuq56GPdvPDB76hjHxgkdNli1BcixXCFTxXiQaUrIT5zWbqWhRHcoVKwGPejFKa4U3f9LRyiPSL6fJbMDGWsWUpmz0wilYbtO1OHk+ClcOrZUnh4SzsfilAWWGa0tvxtBK/EtsEmU2+6Iz6iBwXBElCyhA913GYT1SVnoIpuz1G87rHHGX9kiLQl" siteFingerprint="B/A83Gry7cx9r2vb" refreshTimeoutSeconds="600"

</snip>

 

There are two ways to do it,

1. Either post the login script first (separately) and then post your subsequent scripts.

2. Save your  sequential list of scripts in a collection and place the login script at the top. With this you can run multiple sequential script with one go, eg. creating filter, contracts and attaching it to the EPG with one collection runner consisting of multiple jobs.
CollectionRunner.PNG

 CollectionRunner2.PNG

In the above snapshot, ACI-API is the collection, which contains folder name Fabric and in that folder there are sequential scripts.

 

 

 

 

 

 

Beginner

Why didn't you have to use the token for the next post request?

 

I read in ACI documentation that once you get the auth token from the login request, then you should use it in next requests.

 

If I create a script in python to make both requests, do I have to send the token in the second request as an Authorization request header? Something like:

Authorization : Bearer eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiw...

 

Thank you!

Beginner

Hi Fonsies,

In postman, it maintains the session like browser. So when we post login payload, a session is created which lasts for 600seconds(default token refresh timeout). So any subsequent requests are allowed bydefault since they are part of the same session.

 

In case of firing APIs with python, to avoid overhead of sending token through header of subsequent request, you should use request.session() function from requests lib.

 

Regards,

Jayesh

 

CreatePlease to create content
Content for Community-Ad
July's Community Spotlight Awards